<div><p>The cloud is becoming the de facto home for companies ranging from enterprises to startups. Moving to the cloud means moving your applications from monolith to microservices. But once you do, maintaining and running these services brings its own level of complexity. The answer? Modularity, d
Implementing GitOps with Kubernetes: Automate, manage, scale, and secure infrastructure and cloud-native applications
Scribed by Pietro Libro and Artem Lajko
- Publisher: Packt Publishing Pvt. Ltd.
- Year: 2024
- Tongue: English
- Leaves: 582
- Edition: 1
- Category: Library
Synopsis
Learn to integrate and implement the GitOps framework, tools like Kubernetes and Openshift, and best practices across AWS and Azure cloud platforms, ensuring enhanced reliability in your cloud-native infrastructure and application deployments
Key Features
- Master basic and advanced GitOps concepts for efficient cloud-native architectural design and application deployment
- Set up GitOps workflows for Kubernetes, integrate CI/CD pipelines, and optimize deployment strategies
- Perform continuous deployment using GitHub, Hel
Book Description
This book covers actionable GitOps practices for automated, secure Kubernetes deployments with industry-tested scenarios. You'll be able to leverage GitOps to tackle cloud-native software delivery challenges, such as preventing data drifts between systems and Git repositories, and ensuring rapid, error-free deployments.
The book introduces GitOps core concepts and principles and then delves into integrating version control and GitOps tools such as Argo CD, Flux CD, Helm, and Kustomize with Kubernetes. You'll learn about scaling GitOps across multiple clusters, architectural designs for efficient cloud-native operations, and the cultural transformation needed to support GitOps adoption within an organization. As you progress, you'll be able to automate infrastructure and implement CI/CD processes on OpenShift, MS Azure, and AWS platforms using GitOps, Terraform, OpenTofu, and Argo CD. You'll also explore examples and best practices for integrating observability, enhancing security, managing financial operations (FinOps), and future trends such as AI and sustainability in GitOps.
By the end of this book, you'll have gained the skills you need to apply GitOps strategies for robust Kubernetes and cloud deployments, thereby boosting your productivity and efficiency.
What You Will Learn
- Delve into GitOps methods and best practices used for modern cloud-native environments
- Explore GitOps tools such as GitHub, Argo CD, Flux CD, Helm, and Kustomize
- Automate Kubernetes CI/CD workflows using GitOps and GitHub Actions
- Deploy infrastructure as code using Terraform, OpenTofu, and GitOps
- Automate AWS, Azure, and OpenShift platforms with GitOps
- Understand multitenancy, rolling back deployments, and how to handle stateful applications using GitOps methods
- Implement observability, security, cost optimization, and AI in GitOps practices
Who this book is for
This book is for DevOps engineers, platform engineers, SREs, and cloud engineers who want to get skilled at implementing GitOps practices effectively in cloud-native environments. A foundational understanding of cloud computing, containerization, infrastructure as code, DevOps, CI/CD principles, and Kubernetes will be helpful to get the most out of this book.
Table of Contents
Implementing GitOps with Kubernetes
Contributors
About the authors
About the reviewers
Preface
Who this book is for
What this book covers
Download the example code files
Conventions used
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
Part 1: Understanding GitOps via Uncomplicated Orchestrations/ Kubernetes
1
An Introduction to GitOps
Technical requirements
GitOps unveiled – reshaping development culture and practices
Traditional CI/CD with DevOps against GitOps
The fundamentals of GitOps and the advantages of adopting it for platform engineering
Why GitOps?
The integration between GitOps, IaC, and Kubernetes
GitOps and IaC
GitOps and Kubernetes
Kubernetes and Argo CD
Kubernetes and Flux CD
Summary
Further reading
2
Navigating Cloud-native Operations with GitOps
Technical requirements
An overview of the integration of GitOps and cloud-native technology
An introduction to Kubernetes
What is Kubernetes?
Kubernetes architecture
Exploring K3s as a lightweight Kubernetes distribution
Local cluster setup
K3s setup and installation verification
Kubernetes manifest
Our first deployment with K3s
Port forwarding
Getting started with containers
Docker setup
Docker alternatives
Dockerfile
Sample workflow – effortless CD with Docker and K3s
Local development
Dockerizing the application and running it locally
Publishing the image to a container registry
Deploying to K3s
Summary
Further reading
3
Version Control and Integration with Git and GitHub
Technical requirements
Exploring version control systems β local, centralized, and distributed
Why Git?
Git setup
Creating and cloning a Git repository
The basics of Git
Exploring GitHub
GitHub's ecosystem
GitHub flow
Integrating GitOps and GitHub
Summary
Further reading
4
Kubernetes with GitOps Tools
Technical requirements
Overview of popular GitOps tools
A deep dive into Helm and Kustomize
Helm
Kustomize
Argo CD integration with Kubernetes
Argo CD setup
Flux integration with Kubernetes
Flux setup
Deploying to Kubernetes with Flux
Comparing Argo CD and Flux
Summary
Part 2: Harnessing Advanced Orchestrations, Culture, and Control in GitOps Practices
5
GitOps at Scale and Multitenancy
Technical requirements
Traditional CI/CD versus GitOps CD
Platform engineering versus IDPs
Understanding the App of Apps approach
Use cases of App of Apps combined with examples
The ApplicationSets approach
Which approach should be used?
Understanding multi-cluster management
One cockpit to rule them all
One cockpit – multiple fleet and commander concept
Understanding effective Git repository strategies
Environment branches
Environment per Git
Folders for environments
Scaling with ApplicationSet generators
Building a service catalog for Kubernetes
Building the service catalog
Exploring native multitenancy with Argo CD
Exploring multitenancy with vCluster and Argo CD
Bonus – simplified connection to multiple vClusters – a handy bash script
Limitations solved in multitenancy with GitOps – a review
Wrapping up – insights and lessons from multitenancy experiences
Summary
References
6
GitOps Architectural Designs and Operational Control
Exploring diverse GitOps architectural frameworks for Kubernetes environments
Examining the impact of architectural choices on GitOps' effectiveness
Architectural choices impacting GitOps
Making informed architectural decisions
Tailoring designs for scalability, resilience, and efficiency in cloud-native deployments
Scalability in cloud-native architectures
Resilience through redundancy and isolation
Efficiency with proactive optimization
Tailoring designs with GitOps
Centralized control – managing clusters with a solo Argo instance
The approach – centralized control
When to use the centralized control approach
When to avoid the centralized control approach
Dedicated instances – instance per cluster with Argo CD
When to use dedicated Argo CD instances
When to avoid dedicated Argo CD instances
Dedicated instances – instance per cluster with Flux CD
The middle way – instance per logical group with Argo CD
When to use the middle-way approach
When not to use the middle-way approach
The cockpit and fleet approach with Argo CD
Delving deeper into the approach
Operational dynamics
When to use the cockpit and fleet approach
When not to use the cockpit and fleet approach
Choosing the right approach for your GitOps needs
Centralized Kubernetes cluster creation – leveraging Cluster API and Argo CD for streamlined cluster deployment
Introduction to Cluster API
How Cluster API is leveraged by different companies
A deep dive into Cluster API and GitOps – hands-on
Initializing the management cluster
Creating your first workload cluster
Summary
References
7
Cultural Transformation in IT for Embracing GitOps
Treating infrastructure as an application
Understanding IaC
Understanding infrastructure as applications in Argo CD's GitOps framework
Embracing infra-as-apps – bridging GitOps and infrastructure management
How IaC can be used to deploy infrastructure
Why infra-as-apps is a game-changer?
Understanding the principles of immutable infrastructure
The essence of immutable infrastructure
Integrating immutable infrastructure with GitOps
Introducing DORA metrics
Understanding the need for continual improvement in GitOps
Overcoming cultural barriers to adopt GitOps
A project's story – exchange, experiences, and learnings
Essential Q&A from another recent project
Summary
References
Part 3: Hands-on Automating Infrastructure and CI/CD with GitOps
8
GitOps with OpenShift
Technical requirements
Introduction to Red Hat OpenShift
Red Hat OpenShift environment setup
Troubleshooting OpenShift CRC setup issues
Setting Up GitOps in Red Hat OpenShift
Leveraging Red Hat OpenShift's CI/CD for GitOps
Automation and configuration best practices
A comparison of Kubernetes Red Hat OpenShift
Summary
9
GitOps for Azure and AWS Deployments
Technical requirements
Azure and AWS accounts
Cloud GitOps essentials – Azure and AWS
Azure GitOps essentials
AWS GitOps essentials
GitOps applications in cloud environments
Cross-cloud strategies
GitOps strategies for Azure and AWS deployments for Kubernetes
Azure GitOps strategies
AWS GitOps strategies
Summary
10
GitOps for Infrastructure Automation β Terraform and Flux CD
Technical requirements
Introducing infrastructure automation with Terraform and Flux CD
Setting up Terraform in a GitOps workflow
Tofu Controller (formerly Weave TF-Controller)
Getting started with the setup
Exploring Flux CD β enabling CD in Kubernetes
Combining Terraform and Flux CD for enhanced automation
Providing new infrastructure by updating Terraform files
Enhanced disaster recovery capabilities
Creating and managing multi-stage environments
Version control and automation with Terraform and Flux CD
Security and best practices with Terraform and Flux CD
Best practices for configuration and maintenance
Best practices for managing multi-environment configurations
Git workflow strategies
Multi-environment management with Terraform and Flux CD
Summary
11
Deploying Real-World Projects with GitOps on Kubernetes
Technical requirements
Establishing a GitOps and Kubernetes development environment
Implementing CI/CD with GitOps
Final objective and implementation
CI/CD pipeline using GitHub Actions and Terraform
Using Argo CD for the continuous deployment
Designing for scalability and efficiency
Architectural principles
Resource management
Testing for scalability
Resources management and scalability
Optimizing resource usage
Implementing the HPA
Testing for scalability – an example
Monitoring and securing your application
Monitoring
Setting up Prometheus and Grafana
Understanding Kubernetes security
Summary
Part 4: Operational Excellence Through GitOps Best Practices
12
Observability with GitOps
Exploring the fundamentals of SRE for GitOps and Kubernetes
The intersection of SRE with GitOps
SRE principles in a Kubernetes context
Understanding internal (white box) versus external (black box) observability
Internal or white box observability explained
External or black box observability defined
Balancing internal and external observability
Exploring SLO-driven multi-stage performance with DORA
Integrating SLOs with DORA metrics
Applying a multi-stage approach
Implementing distributed tracing in GitOps with Linkerd
Implementing monitoring in GitOps with tools such as Uptime Kuma and OpenTelemetry
Uptime Kuma – the external watchdog for your online services
OpenTelemetry – a unified observability framework
Looking at alerting strategies in a GitOps framework
Some relevant alerting rules
Diving deeper into node overcommitment in Kubernetes
Scaling observability with GitOps
Scaling observability components
Organizational strategies for effective observability
Selecting the right observability tools for specific use cases
Enterprise-level best practices with observability and GitOps
Summary
References
13
Security with GitOps
Hardening declarative GitOps CD on Kubernetes
Addressing configuration vulnerabilities
Enhancing password management and RBAC
Committing everything to Git? What about Secrets?
Sealed Secrets
External Secrets
Leveraging a policy engine for policy-as-code practices
Integrating Kyverno and OPA
Hands on – let's put theory into practice [6]
Automating security scanning and compliance
KubeClarity
Falco
Keeping your platform catalog up-to-date
Summary
References
14
FinOps, Sustainability, AI, and Future Trends for GitOps
Covering the fundamentals of FinOps
Forecasting and monitoring costs with GitOps
How GitOps complements FinOps
Utilizing GitOps with FinOps
OpenCost versus Kubecost with GitOps
Optimization techniques for cloud spend
Combining GitOps and Kubecost for cloud spend optimization
Assessing carbon footprint and promoting green operations
Assessing carbon footprint with kube-green
Promoting green operations with Armada
Assessing carbon footprint by integrating with GitOps
Looking at GitOps and AI-driven automation
Robusta.dev
Future challenges and opportunities in GitOps
The role of GitOps in emerging technologies
Summary
References
Index
Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book
SIMILAR VOLUMES
<p><span>Kubernetes has become the operating system of today's cloud native world, providing a reliable and scalable platform for running containerized workloads. In this friendly, pragmatic book, cloud experts Justin Domingus and John Arundel show you what Kubernetes can do-and what you can do with
Kubernetes is a modern cloud native container orchestration tool and one of the most popular open source projects worldwide. In addition to the technology being powerful and highly flexible, Kubernetes engineers are in high demand across the industry. This book is a comprehensive guide to deployi